Configuring Various Network Services using xinetd in Linux (RHEL5/6)

As a system administrator, you will most likely need to provide your users with network and Internet services. These services may include FTP, HTTP, or Telnet.
Although some software packages like Apache provide a single service (HTTP), there is also a master service called xinetd that can run multiple services at the same time.
It is also a widely used service in the real world, particularly when it comes to automating the installation of Red Hat. There are really only a few things that you need to know to be able to use the xinetd service. This package doesn’t always come installed by default, so first let’s install it.
Step 1. Install the xinetd package:

# yum install -y xinetd

Step 2. Verify that the package is installed correctly:

# rpm -qa | grep xinetd
xinetd-2.3.14-29.el6.x86_64

With the service installed, you can shift your focus to the config files. The xinetd service has a master config file (/etc/xinetd.conf), which inherits all the settings of the services that it controls.
Aside from this master config file, a single directory (/etc/xinetd.d) contains individual config files for each service you would like xinetd to run.
As an example, let’s set up a TFTP server, which can be used to back up config files for Cisco switches or to deliver data to clients during a PXE boot process (also known as a network installation).
Step 3. Install the required package:

# yum install -y tftp-server

Step 4. Verify that the package is installed correctly:

# rpm -qa | grep tftp
tftp-server-0.49-5.1.el6.x86_64

Now that the package is installed, you can go into the /etc/xinetd.d directory and see the config file for the new service. By default, the TFTP service is disabled. Let’s look at the config file, which is small and simple to understand.

Here, you can see the basics, such as which protocol it uses, whether the service is disabled, and what arguments are passed to the service during startup. For this example, all the defaults work fine. You may be wondering why I suggest leaving the service disabled if you want to use it. Services that are controlled by xinetd are enabled in the config file for you when you enable them to start at boot.
Step 5. Enable the TFTP server to start when the system boots:

# chkconfig tftp on

Step 6. Verify that the service will start during boot:

# chkconfig --list tftp
tftp on

Looking back in the config file now, notice that the service has been automatically enabled to start. You can verify this by checking the file:

# cat /etc/xinetd.d/tftp | grep disable
disable = no

Step 7. At this point, you should also enable the xinetd service itself to start on system boot:

There is also one other thing you can verify. You can get a list of all services enabled during boot by using the chkconfig command. The difference here, though, is that the xinetd service lists not only its boot levels, but also those of all the services that it controls.
Step 9. Use chkconfig to view all the xinetd services:

# chkconfig --list
xinetd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd based services:
chargen-dgram: off
chargen-stream: off
daytime-dgram: off
daytime-stream: off
discard-dgram: off
discard-stream: off
echo-dgram: off
echo-stream: off
tcpmux-server: off
tftp: on
time-dgram: off
time-stream: off

You can see here that the xinetd service is set to start on boot and that the TFTP service is the only service it will start.
Step 10. To get the service up and running without a system reboot, just adjust any config file options you’d like and restart the xinetd service:

Step 11. Verify that the xinetd service is now running on the system and listening on UDP port 69 for connections:

# netstat -a | grep tftp
udp 0 0 *:tftp *:*

The xinetd service understands services from /etc/services and ports from /etc/rpc. These two files define all services and ports that the system can use to offer different network services to clients using the xinetd master service.
The xinetd service is fairly simple to configure, but you should make sure that you define the config file for the services that you want to use within the /etc/xinetd.d directory and restart the service before use.
For simple troubleshooting of any xinetd service, you can check the /var/log/messages file, which is where the /etc/xinetd.conf config file directs all log messages.
Although the default configuration options are usually fine, you can also edit the information sent to the log file by editing the main config file.

The following options are available for logging:
■ Attempt
■ Duration
■ Exit
■ Pid
■ Host
■ Userid
You also have the following host access options:
■ only_from
■ no_access
■ access_times

They can be defined within the main config file for security restrictions. Usually, it is better to let the firewall and TCP Wrappers take care of restricting certain clients, but you should know that the options are available.
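
To check which xinetd services are enabled and which of the host access options above each one sets, a script like the following can be run. It is an added example, not part of the original article. The sample stanzas, subnet and time window are constructed, and it reads only per-service files in the /etc/xinetd.d style, so defaults from /etc/xinetd.conf are not merged in.

```shell
#!/bin/sh
# Added example (not from the original page): list xinetd-managed services
# that are enabled and show which host access options each stanza sets.

audit_xinetd_dir() {
    # $1 = directory of per-service files, normally /etc/xinetd.d
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v svc="$(basename "$f")" '
            /^[ \t]*#/        { next }                 # ignore comment lines
            $1 == "service"   { in_svc = 1; dis = "no"; acl = ""; next }
            !in_svc           { next }
            $1 == "disable"   { dis = $3 }             # expects "disable = yes|no"
            $1 == "only_from" || $1 == "no_access" || $1 == "access_times" {
                if (index(acl, $1) == 0) acl = acl (acl == "" ? "" : ",") $1
            }
            $1 == "}" {
                # xinetd treats a stanza without "disable = yes" as enabled
                if (dis != "yes") print svc, "enabled", "acl=" (acl == "" ? "none" : acl)
                in_svc = 0
            }
        ' "$f"
    done
}

# Constructed sample files standing in for /etc/xinetd.d (values are assumptions).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    cat > "$d/tftp" <<'EOF'
service tftp
{
    socket_type     = dgram
    protocol        = udp
    wait            = yes
    user            = root
    server          = /usr/sbin/in.tftpd
    server_args     = -s /var/lib/tftpboot
    disable         = no
    only_from       = 192.168.1.0/24
    access_times    = 08:00-18:00
    log_on_failure  += HOST ATTEMPT
}
EOF
    printf 'service echo\n{\n    disable = yes\n}\n' > "$d/echo-dgram"
    printf 'service time\n{\n    disable = no\n}\n' > "$d/time-stream"
    echo "$d"
}

audit_xinetd_dir "$(make_sample_dir)"
```

On a real system, pass /etc/xinetd.d as the argument. Any line ending in acl=none is a service reachable by every client the firewall lets through.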

Task 2: Securing xinetd Services using iptables

Although the xinetd service can actually handle multiple services, you need to ensure that you have created the appropriate firewall rule for each server you intend to use. Because you have configured a TFTP server for this example, you need to ensure that you create a rule to allow the TFTP server to be used.
Step 1. Use iptables to create the required firewall rule:
